NVIDIA NemoClaw is an open source reference stack that simplifies running OpenClaw always-on assistants more safely. It installs the NVIDIA OpenShell runtime, part of NVIDIA Agent Toolkit, which provides additional security for running autonomous agents.
Alpha software
NemoClaw is available in early preview starting March 16, 2026. This software is not production-ready. Interfaces, APIs, and behavior may change without notice as we iterate on the design. The project is shared to gather feedback and enable early experimentation. We welcome issues and discussion from the community while the project evolves.
NemoClaw adds guided onboarding, a hardened blueprint, state management, OpenShell-managed channel messaging, routed inference, and layered protection on top of the NVIDIA OpenShell runtime. For the full feature list, refer to Overview. For the system diagram, component model, and blueprint lifecycle, refer to How It Works and Architecture.
Follow these steps to install NemoClaw and run your first sandboxed OpenClaw agent.
Before getting started, check the prerequisites to ensure you have the necessary software and hardware to run NemoClaw.
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 4 vCPU | 4+ vCPU |
| RAM | 8 GB | 16 GB |
| Disk | 20 GB free | 40 GB free |
The sandbox image is approximately 2.4 GB compressed. During image push, the Docker daemon, k3s, and the OpenShell gateway run alongside the export pipeline, which buffers decompressed layers in memory. On machines with less than 8 GB of RAM, this combined usage can trigger the OOM killer. If you cannot add memory, configuring at least 8 GB of swap can work around the issue at the cost of slower performance.
| Dependency | Version |
|---|---|
| Node.js | 22.16 or later |
| npm | 10 or later |
| Platform | See below |
For NemoClaw-managed environments, use nemoclaw onboard when you need to create or recreate the OpenShell gateway or sandbox.
Avoid openshell self-update, npm update -g openshell, openshell gateway start --recreate, or openshell sandbox create directly unless you intend to manage OpenShell separately and then rerun nemoclaw onboard.
The following table lists tested platform and runtime combinations. Availability is not limited to these entries, but untested configurations may have issues.
| OS | Container runtime | Status | Notes |
|---|---|---|---|
| Linux | Docker | Tested | Primary tested path. |
| macOS (Apple Silicon) | Colima, Docker Desktop | Tested with limitations | Install Xcode Command Line Tools (xcode-select --install) and start the runtime before running the installer. |
| DGX Spark | Docker | Tested | Use the standard installer and nemoclaw onboard. |
| Windows WSL2 | Docker Desktop (WSL backend) | Tested with limitations | Requires WSL2 with Docker Desktop backend. |
Download and run the installer script. The script installs Node.js if it is not already present, then runs the guided onboard wizard to create a sandbox, configure inference, and apply security policies.
ℹ️ Note
NemoClaw creates a fresh OpenClaw instance inside the sandbox during the onboarding process.
The installer runs as your normal user and does not require
sudoor root. It installs Node.js via nvm and NemoClaw via npm, both into user-local directories. Docker must be installed and running before you run the installer. Installing Docker may require elevated privileges on Linux.
curl -fsSL https://www.nvidia.com/nemoclaw.sh | bashIf you use nvm or fnm to manage Node.js, the installer may not update your current shell's PATH.
If nemoclaw is not found after install, run source ~/.bashrc (or source ~/.zshrc for zsh) or open a new terminal.
When the install completes, a summary confirms the running environment:
──────────────────────────────────────────────────
Sandbox my-assistant (Landlock + seccomp + netns)
Model nvidia/nemotron-3-super-120b-a12b (NVIDIA Endpoints)
──────────────────────────────────────────────────
Run: nemoclaw my-assistant connect
Status: nemoclaw my-assistant status
Logs: nemoclaw my-assistant logs --follow
──────────────────────────────────────────────────
[INFO] === Installation complete ===
Connect to the sandbox, then chat with the agent through the TUI or the CLI.
nemoclaw my-assistant connectIn the sandbox shell, open the OpenClaw terminal UI and start a chat:
openclaw tuiAlternatively, send a single message and print the response:
openclaw agent --agent main --local -m "hello" --session-id testTo remove NemoClaw and all resources created during setup, run the uninstall script:
curl -fsSL https://raw.githubusercontent.com/NVIDIA/NemoClaw/refs/heads/main/uninstall.sh | bash| Flag | Effect |
|---|---|
--yes |
Skip the confirmation prompt. |
--keep-openshell |
Leave the openshell binary installed. |
--delete-models |
Also remove NemoClaw-pulled Ollama models. |
For troubleshooting installation or onboarding issues, see the Troubleshooting guide.
Refer to the following pages on the official documentation website for more information on NemoClaw.
| Page | Description |
|---|---|
| Overview | What NemoClaw does and how it fits together. |
| How It Works | Plugin, blueprint, sandbox lifecycle, and protection layers. |
| Architecture | Plugin structure, blueprint lifecycle, sandbox environment, and host-side state. |
| Inference Options | Supported providers, validation, and routed inference configuration. |
| Network Policies | Baseline rules, operator approval flow, and egress control. |
| Customize Network Policy | Static and dynamic policy changes, presets. |
| Security Best Practices | Controls reference, risk framework, and posture profiles for sandbox security. |
| Sandbox Hardening | Container security measures, capability drops, process limits. |
| CLI Commands | Full NemoClaw CLI command reference. |
| Troubleshooting | Common issues and resolution steps. |
The following directories make up the NemoClaw repository.
NemoClaw/
├── bin/ # CLI entry point and library modules (CJS)
├── nemoclaw/ # TypeScript plugin (Commander CLI extension)
│ └── src/
│ ├── blueprint/ # Runner, snapshot, SSRF validation, state
│ ├── commands/ # Slash commands, migration state
│ └── onboard/ # Onboarding config
├── nemoclaw-blueprint/ # Blueprint YAML and network policies
├── scripts/ # Install helpers, setup, automation
├── test/ # Integration and E2E tests
└── docs/ # User-facing docs (Sphinx/MyST)
Join the NemoClaw community to ask questions, share feedback, and report issues.
We welcome contributions. See CONTRIBUTING.md for development setup, coding standards, and the PR process.
NVIDIA takes security seriously. If you discover a vulnerability in NemoClaw, DO NOT open a public issue. Use one of the private reporting channels described in SECURITY.md:
- Submit a report through the NVIDIA Vulnerability Disclosure Program.
- Send an email to psirt@nvidia.com encrypted with the NVIDIA PGP key.
- Use GitHub's private vulnerability reporting to submit a report directly on this repository.
For security bulletins and PSIRT policies, visit the NVIDIA Product Security portal.
This software automatically retrieves, accesses or interacts with external materials. Those retrieved materials are not distributed with this software and are governed solely by separate terms, conditions and licenses. You are solely responsible for finding, reviewing and complying with all applicable terms, conditions, and licenses, and for verifying the security, integrity and suitability of any retrieved materials for your specific use case. This software is provided "AS IS", without warranty of any kind. The author makes no representations or warranties regarding any retrieved materials, and assumes no liability for any losses, damages, liabilities or legal consequences from your use or inability to use this software or any retrieved materials. Use this software and the retrieved materials at your own risk.
Apache 2.0. See LICENSE.